APT targets orgs as part of coordinated espionage campaign



Today, Symantec’s Threat Hunter team published a blog post reporting that it had observed an Advanced Persistent Threat (APT) group known as Lazarus orchestrating an espionage campaign to target organizations within the chemical industry.

Lazarus appears to be continuing Operation Dream Job, a campaign first documented in August 2020 in which the attackers send employees enticing emails with fake job offers to trick them into opening malware-laden attachments or clicking links to websites that host malware.

While this attack primarily targeted organizations in the chemical industry, it also targeted a number of companies in the IT industry, as well as individuals in the defense, government, and engineering industries.

Why companies need a strategy to mitigate espionage-type attacks

Many organizations have long feared the advancement of state-sponsored attacks, with 80% of organizations reporting concern that they will fall victim to a nation-state cyberattack.

Now that Lazarus uses these espionage tactics to steal intellectual property, more attackers will begin to mimic these techniques to gain access to protected information and regulated data across industries.

“The first thing to say is that espionage operations of this type can target private organizations. We have seen Operation Dream Job hit a wide range of sectors at this stage. To protect themselves, organizations must adopt a defense-in-depth strategy, using multiple detection, protection, and hardening technologies to mitigate risk at each point of the potential attack chain,” said Dick O’Brien, principal intelligence analyst for the Symantec Threat Hunter team.

This latest attack has shown spear phishing to be one of the most powerful tools attackers have at their disposal, as an attacker only needs to trick an employee into clicking a single malicious link or attachment to gain a foothold in the environment.

A single click on a link or attachment can infect a workstation with malware and give the attacker a network access point from which to begin lateral movement, locating the critical data assets they intend to steal.

“It had all the hallmarks of a classic cyber espionage operation, from the initial lure of a bogus job posting, to its ability to gain credentials, move laterally through the target’s network, and ensure they maintain a persistent presence in the network to be able to get the data they are looking for. They are obviously veteran operators, with the knowledge of how to go unnoticed by maximizing the use of operating system features, legitimate tools, or Trojanized versions of legitimate tools,” O’Brien said.

How to stop espionage attempts

Defending against an attack orchestrated by an APT is no easy task. It only takes one employee to click on a link to cause a full-fledged data breach. As a result, organizations need to optimize their security defenses if they want to prepare to mitigate espionage threats.

Measures O’Brien recommends include implementing solutions to monitor and detect threats throughout your IT environment, ensuring the latest version of PowerShell is deployed with logging enabled, and auditing and monitoring administrative usage.
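As an added illustration of the PowerShell recommendation above (this is example code written for this article, not Symantec's or O'Brien's), the script below turns on the three PowerShell logging channels through the same registry values that the corresponding Group Policy settings write, and then hunts the resulting script block events for strings typical of download-and-execute cradles. The indicator list and the transcript directory C:\PSTranscripts are assumptions chosen for the example; tune both to your environment.

```powershell
# Added example, not code from the article. Run from an elevated session on
# Windows PowerShell 5.1 or later. The registry paths and value names below are
# the documented policy locations that the "Turn on PowerShell Script Block
# Logging", "Turn on Module Logging" and "Turn on PowerShell Transcription"
# Group Policy settings populate.
#Requires -RunAsAdministrator

# Refuse to continue on an outdated engine: 5.1+ is what carries these logs.
if ($PSVersionTable.PSVersion -lt [version]'5.1') {
    throw "PowerShell $($PSVersionTable.PSVersion) is too old; deploy 5.1 or later first."
}

$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'

# Script block logging: the de-obfuscated text of every executed script block is
# written to event ID 4104 in Microsoft-Windows-PowerShell/Operational, which
# also catches in-memory loaders that never touch disk.
$sbl = Join-Path $base 'ScriptBlockLogging'
New-Item -Path $sbl -Force | Out-Null
Set-ItemProperty -Path $sbl -Name EnableScriptBlockLogging -Value 1 -Type DWord

# Module logging: pipeline execution details (event ID 4103) for all modules ('*').
$mod = Join-Path $base 'ModuleLogging'
New-Item -Path (Join-Path $mod 'ModuleNames') -Force | Out-Null
Set-ItemProperty -Path $mod -Name EnableModuleLogging -Value 1 -Type DWord
Set-ItemProperty -Path (Join-Path $mod 'ModuleNames') -Name '*' -Value '*' -Type String

# Transcription: full session transcripts. Point OutputDirectory at a location
# users cannot modify (assumed path below) so an intruder cannot clean up after themselves.
$tr = Join-Path $base 'Transcription'
New-Item -Path $tr -Force | Out-Null
Set-ItemProperty -Path $tr -Name EnableTranscripting -Value 1 -Type DWord
Set-ItemProperty -Path $tr -Name EnableInvocationHeader -Value 1 -Type DWord
Set-ItemProperty -Path $tr -Name OutputDirectory -Value 'C:\PSTranscripts' -Type String

# Hunt: pull recent 4104 events and flag script blocks containing strings common
# in download cradles and encoded command execution. Assumed indicator list;
# expect some benign hits from admin tooling and baseline accordingly.
function Get-SuspiciousScriptBlocks {
    param([int]$Hours = 24)
    $patterns = 'FromBase64String', 'DownloadString', 'DownloadFile', 'Invoke-Expression',
                'IEX', '-EncodedCommand', 'Net.WebClient', 'Reflection.Assembly', 'Add-Type'
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-PowerShell/Operational'
        Id        = 4104
        StartTime = (Get-Date).AddHours(-$Hours)
    } -ErrorAction SilentlyContinue |
    ForEach-Object {
        # 4104 payload: MessageNumber, MessageTotal, ScriptBlockText, ScriptBlockId, Path
        $text = [string]$_.Properties[2].Value
        $hits = $patterns | Where-Object { $text -match [regex]::Escape($_) }
        if ($hits) {
            [pscustomobject]@{
                TimeCreated = $_.TimeCreated
                Indicators  = ($hits -join ',')
                Path        = $_.Properties[4].Value
                Snippet     = $text.Substring(0, [Math]::Min(120, $text.Length))
            }
        }
    }
}

Get-SuspiciousScriptBlocks -Hours 24 | Format-Table -AutoSize
```

Two caveats a practitioner should keep in mind: without the policy value, PowerShell 5.1 logs only blocks it deems suspicious, so the explicit EnableScriptBlockLogging setting is what gives full coverage; and the events only help if they are forwarded off the host (for example with Windows Event Forwarding or an agent) before an attacker with local admin can clear the log.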

O’Brien also highlights the importance of making employees aware of targeted phishing, so they are equipped to spot such attempts when they encounter them.
